SUSE-SU-2015:0694-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20150694-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0694-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:0694-1
Published
2015-03-25T23:21:02Z
Modified
2015-03-25T23:21:02Z
Summary
Security update for python-Django
Details

python-Django has been updated to fix two vulnerabilities:

* URLs starting with control characters could have allowed XSS
  (cross-site scripting) attacks via user-supplied redirect URLs
  (CVE-2015-2317)
* An infinite loop could be triggered in the strip_tags() function,
  allowing denial-of-service attacks (CVE-2015-2316)

Security Issues:

* CVE-2015-2316
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2316>
* CVE-2015-2317
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2317>
References

Affected packages